Quantum-Safe Signatures - Examples in Python

In this example, we shall demonstrate theSPHINCS+ signature library. It implements hash-based signatures, which are designed to be quantum-safe. Note that the SPHINCS+ signatures are still experimental (as of Nov 2018) and their security is not still indisputably proven, because they are relatively new and are still not well analysed by cryptographers.

We shall demonstrate the SPHINCS+ cryptosystem for hash-based digital signatures, more precisely two of its configurations:

It is visible from the above output that for the shake256_128f parameter set the SPHINCS+ public key is small (32 bytes), the private key is also small (64 bytes), but the signature is big (16976 bytes, ~16.9 KB, partially shown above). This makes SPHINCS+ signatures not an ideal solution for the post-quantum signatures. Additionally, the signature computation speed is sensibly slower than RSA and ECDSA.

Let's tweak the SPHINCS+ algorithm parameters to get shorter signature, using the shake256_128s parameter set (SPHINCS+, using SHAKE256-128 as hash function and in slow mode). This smaller signature will cost many times more computing time for signing. Let's change the algorithm parameters like this (in fact the important change is at the first line only):

The produced signature size now is smaller (~ 8KB, partially shown below), but the time to generate the signature is drastically increased (signing takes a few seconds, key generation and signature verification are still fast):

We may conclude that quantum-safe digital signature algorithms like SPHINCS+ signatures may replace ECDSA and EdDSA in the post-quantum computing era, but they still have one big disadvantage: large signatures. For some applications the signature size may not be a problem, but for others smaller signatures are critical.